PT-2017-11022 · Red Hat · Koji

·

CVE-2017-1002153

·

Published

2017-10-06

·

Updated

2023-03-01

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Koji version 1.13.0
Description The issue arises from improper validation of SCM paths, enabling an attacker to bypass blacklisted paths for build submission.
Recommendations For version 1.13.0, update to a newer version that properly validates SCM paths to prevent exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2017-1002153
GHSA-VWP5-W4RQ-G4CC
PYSEC-2017-144

Affected Products

Koji